{"id":"CVE-2023-24607","details":"Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.","modified":"2026-04-16T04:40:13.169953951Z","published":"2023-04-15T01:15:07.043Z","related":["SUSE-SU-2023:1567-1","SUSE-SU-2023:2971-1","SUSE-SU-2023:2982-1","SUSE-SU-2023:3018-1","SUSE-SU-2023:3207-1","SUSE-SU-2023:3225-1","openSUSE-SU-2024:12673-1","openSUSE-SU-2024:12801-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"},{"type":"ADVISORY","url":"https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin"},{"type":"ADVISORY","url":"https://www.qt.io/blog/tag/security"},{"type":"ADVISORY","url":"https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff"},{"type":"REPORT","url":"https://codereview.qt-project.org/c/qt/qtbase/+/456216"},{"type":"REPORT","url":"https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217"},{"type":"REPORT","url":"https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238"},{"type":"FIX","url":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"3bf50a7db9a1add66fb66b7a1f9c1d3b038c5e7f"},{"fixed":"4e158f6bfa7d0747d8da70b3b15a44b52e35bb8a"},{"introduced":"fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17"},{"fixed":"4c1c38dede55565afa846685b3e19cf8f1cfed0c"},{"introduced":"9554d315aa74eaba1726405ee09117e2ebc6111f"},{"fixed":"519d2d8f442409e86a0ee2fa16bd543342180861"},{"fixed":"aaf1381eab6292aa0444a5eadcc24165b6e1c02d"}],"database_specific":{"versions":[{"introduced":"5.0.0"},{"fixed":"5.15.13"},{"introduced":"6.0.0"},{"fixed":"6.2.8"},{"introduced":"6.3.0"},{"fixed":"6.4.3"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24607.json","vanir_signatures":[{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","deprecated":false,"signature_type":"Function","digest":{"function_hash":"252800487098528502969560155377874210920","length":1503},"id":"CVE-2023-24607-0848e401","signature_version":"v1","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp","function":"QODBCResult::prepare"}},{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","deprecated":false,"digest":{"function_hash":"176981847587405161815186066176953525305","length":2079},"signature_type":"Function","id":"CVE-2023-24607-3a04ccd9","signature_version":"v1","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp","function":"QODBCResult::reset"}},{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp","function":"QODBCDriver::primaryIndex"},"signature_type":"Function","digest":{"function_hash":"231767649323504619791383579173074202052","length":2508},"id":"CVE-2023-24607-3aadcdf6","signature_version":"v1","deprecated":false},{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp","function":"QODBCDriver::record"},"signature_type":"Function","digest":{"function_hash":"249035898946977597367542997231385299716","length":1781},"id":"CVE-2023-24607-7df6654a","signature_version":"v1","deprecated":false},{"source":"https://github.com/qt/qtbase/commit/519d2d8f442409e86a0ee2fa16bd543342180861","deprecated":false,"signature_type":"Function","digest":{"function_hash":"295101940135934345933041483191011700216","length":595},"id":"CVE-2023-24607-a5aaecac","signature_version":"v1","target":{"file":"src/corelib/tools/qvarlengtharray.h","function":"QVarLengthArray"}},{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","deprecated":false,"signature_type":"Function","digest":{"function_hash":"67831296646483273461037135050746472326","length":2343},"id":"CVE-2023-24607-b921a37f","signature_version":"v1","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp","function":"QODBCDriver::open"}},{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["217642529427620289499003502620787255878","116716139001964074052103999807724031210","321470790418837753080398589889158344288","241908482120688129157335734488606110699","85931507992438679457998139060120233204","269283106012881717161604046071818951823","90990521189118216827308504549778186604","154435026454746122048966494386123211035","40716386662201965389155645479666922815","57439686605529833079406280594930806048","93243892512983491836551095422397007401","173410204531750785737275102910415164954","26869955747226502446073675622290375021","17303138321231635926895014358267821148","302556297761808258492598365537657747961","65402798577171812734482719301379786116","9135277449767183636344521933554634079","292969000828891717099147073204442476167","301117466471630661872296303834525553184","240189804062545303059683673070287792253","59772067679540037539435905640619181742","146471345151971056192614006168335406669","309524104779893930755916499530758084799","57483058266469252426633991949183761161","222316235965230481914755033386542233218","189714220819465519165602308706960756282","273495033246851570274378853020724232134","149357997340044632117339981399732864870","72801526388863202891208037522263763166","181652898321082679544699339750060006164","196565952345661569669257853320859470053","146684922094353461268322557272150796842","22396991709896748912509052028930976151","73172529853627839080791023834561984988","102252110266895922851222943965873788820","22970633764676780819376621199153091493","112025231129620249239455272886159086827","87725635386447058445760451791131120160","296468041839081177935276089405774118317","65295879771908575459699102460946006028","217044956021517558270063184863580359689","51353195864791972412836456197582339351","277520592720585961549749395294173761484","182493347194761557852541202914771777316","34526181246488472795543429069910113725","119375222992584113237611490838253139605","59554400843614566687816741789236451551","305801102573263774810598934439156265418","239022278838429201872579479128045748887","122588598547285151832904296254450080265","221792614301079877209855931183550206099","294093204275665402663799649398283100925","132470842970917883018690465643528223503","270349623119937855985725614104674976457","113483902513478924154274920385095290052","213422471472130706008782371085581756510","24786722821269003636934206998817046622","182493347194761557852541202914771777316","34526181246488472795543429069910113725","26842265132237637912666983224858334368","186668503974808830817767153083294067897","120162442157940422211076303087585930783","323953607529819656349016393559157009746","166720483419452408647284182906538819505","133152490838136202133911872294862178123","108672671891204149386044590706018765492","217759080297273640108891071808320927206","23262945564694321497802041084819870688","143211711392164662174878990839765490284","245325118562827352953258087501059676065","2887790236846419104109894774763636804","108243230695364339829024966253614476186","57240310449569667848935959574975444419","133759038451958793835589695282122121794","327357016662287943499059945684731278152","112000632698591786147216707396370952584","107134897313946292981093051380270514724","91145994256518314498317902644262919234","8998576765501819859639525114864423597","91805994139050163594780213942727565623","16876062457813528936661450585520002782","317968178618887529825507471525616091015","322612405862138961605207428863652270960","317968178618887529825507471525616091015","36125106701401838209286571182431680169","286563963975226011310592153655649183407","330558126787226358340674794862672657911","138912508260656935790879071682010054756","44428568242235516121410485501913831407","289475353622598405926887896716690809993","206648749712756304143777045402668751959","92666969879941325308925304822939278988","28839647773389573281808121171465478964","297744134679546520378694792017206186792","301133427892605504361333561088557662960","169783548912343500383285016621034001414","189700857183882696018582963305098426889","17768313542909086404288333200637491144","116536436860378036524245188791444171543","79627226527796577928803139925357045552","120841840128542238512335122920046209518","136816807456310545163599838350042162666","297744134679546520378694792017206186792","301133427892605504361333561088557662960","3986029626658955124633113192384591767","103357532456271250252154589398920642831","17129839854858459970454747698299280680","16716492509609484730464110307808954947","324917526262158270575938651752434431776","337229091269269207284643007045460422098","281732308478039727011066206624165670393","305482963662004714087000999139336312346","187917436761863171464555499822092426287","170353603864628260614718762261742637517","297744134679546520378694792017206186792","301133427892605504361333561088557662960","3986029626658955124633113192384591767","168831954651459449739013536369871804717","285707588399701132430632972150906696455","127222596387287275473423184300016468162","88082751744350285890377774132185644500","175271788825621109174818957388867856458"],"threshold":0.9},"id":"CVE-2023-24607-d47fbee1","signature_version":"v1","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp"}},{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","deprecated":false,"signature_type":"Function","digest":{"function_hash":"222837042868679194554749386866578907087","length":1682},"id":"CVE-2023-24607-dc3f46a9","signature_version":"v1","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp","function":"QODBCDriver::tables"}},{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp","function":"QODBCDriverPrivate::setConnectionOptions"},"signature_type":"Function","digest":{"function_hash":"51990642598968749275452792537557796975","length":4153},"id":"CVE-2023-24607-dd2c2e02","signature_version":"v1","deprecated":false},{"source":"https://github.com/qt/qtbase/commit/519d2d8f442409e86a0ee2fa16bd543342180861","target":{"file":"src/corelib/tools/qvarlengtharray.h"},"signature_type":"Line","digest":{"line_hashes":["174344533808791172224865101240757923064","292219089122817761886677078848108447252","157381648178923186010867101867476777242","208545306413576769817883439594691481482","21460200879669521690759595206101232051","263960305989060570785386688078128348630","174982206297014867183313898130643092065","211358169926691951945999549822585869569","244735439742552624691379035978819324955","280330701152302034312108794158040873354","294400776029424231837909997457099990489","113645022394016750227380919921066554946","320878052515778070762508008096200429102","198805573745728019413386933266673087567","69531322627785808249344120149368399243","208225844310610307393864733518722014736","310794867848066553248730596881228213280","207728896192900899649567726543019791945","9209557387873568089170733517070566958","35406923741947535377650458926203038699","5471535722605748470853744698129518205"],"threshold":0.9},"id":"CVE-2023-24607-e4badc7f","signature_version":"v1","deprecated":false},{"source":"https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d","deprecated":false,"signature_type":"Function","digest":{"function_hash":"119065469992688806340197033843195026639","length":10047},"id":"CVE-2023-24607-e4e068bb","signature_version":"v1","target":{"file":"src/plugins/sqldrivers/odbc/qsql_odbc.cpp","function":"QODBCResult::exec"}}],"vanir_signatures_modified":"2026-04-12T06:21:07Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}